WO 01/91465 describes a mechanism for broadcasting digital media content in a secure manner to a general group of end users, while still maintaining the desired degree of specificity in terms of those end users who actually use or access the digital media content. An end user device and a broadcaster head-end communicate through at least one channel. The security features for the content are provided by encrypting the content, such that access to the media content is only possible for authorized users. The access information is distributed through an ECM (control message), which enables the end user device to create the correct key. The end user device is only able to generate the key if the end user device also receives an EMM, or entitlement message, from the broadcaster head-end. The EMM could be sent to a plurality of different end user devices at one time, as a broadcast or multicast, such that a group of end user devices would receive the information at once. A particular EMM could be designated for one group of end user devices, according to a particular subscription plan or other type of payment structure and/or according to the network address of the members of the group of end user devices.
A problem with an approach using the network address of the members of the group of end user devices, is that it is not very effective in providing information regarding the network topology. This means that end user devices at disparate branches of a tree sourced at the head-end could end up in one group, which in turn results in a large amount of network traffic as multicast router systems close to the head-end system provide copies of the group message to several adjoining rnulticast router systems.